As the global pandemic drags on due to plateauing vaccination rates, another COVID-19 virus is proving itself a threat. No, it isn’t another coronavirus variant — rather, this COVID-19 is digital, and menaces devices and data instead of people and respiratory systems.
In truth, there isn’t just one COVID-19 malware. Cybercriminals have developed a number of COVID-based attacks to take full advantage of the heightened emotions surrounding the virus. Unfortunately, because people have come to rely even more significantly on digital tools and services as a result of the pandemic, many of these COVID-related attacks are seeing success.
How can users recognize a COVID cyberattack before it happens, and is there anything else users can do to stop the loss of data and cash? Read on to find out.
COVID Email Spam
As early as February 2020, email scammers had deployed COVID-related messages to inboxes around the world, hoping to trick or scare users into downloading malicious attachments, clicking links to corrupted websites and otherwise doing things that cause users harm. Today, there is a great variety of COVID-related email spam that users should be aware of, including emails that seem to be:
- from loved ones asking for financial support during the crisis
- from lawyers offering inheritances from relatives lost in the pandemic
- from managers and supervisors requesting sensitive documents from employees
- offering advice for avoiding or treating COVID infection
- collecting charitable donations for those suffering during the pandemic
- providing shipping information about goods purchased online
Many email clients are proficient at filtering out spam emails, but users need to be able to identify and avoid any spam messages that do get through. Users should always check the sender’s email address to make certain they recognize where the message is coming from. Even when a message comes from a trusted source, users should scour emails for signs of corruption, like typos, unnatural grammar or topics that senders might usually avoid. Finally, users should try to avoid clicking on emailed links and attachments directly, choosing instead to navigate to related websites on their own.
Every day, over 560,000 new instances of malware are created and deployed on the web, and as the pandemic has progressed, more and more of these instances of malware have become focused on COVID.
The first and most prominent was Coronavirus Installer, a Czech malware that overwrites a system’s master boot record, which prevents a device from booting up its operating system. The message from the malware states, “Your computer has been infected by coronavirus!” over an image of SARS-CoV-2 that takes up the entire device screen. Instead of providing users with ransom details, the malware requires the user to reboot their device to launch another window with contact information of the attacker, who will then presumably demand payment for the malware’s removal.
Another malware program was spread via an interactive COVID-19 map from Johns Hopkins University. The map was intended to help the population understand where in the world COVID infections and deaths were highest, but hackers were able to copy the map and use it to spread Java-based malware.
Finally, cybersecurity researchers discovered a coronavirus-themed Winlocker, repurposed from a similar malware developed in 2019. The program modifies a device’s system registry to make the system much more difficult for users to navigate. Then, the malware replaces the user’s wallpaper with an image that says “Coronavirus” and plays sinister sounds, including a robot voice saying “coronavirus” in a loop. A dialog box requests a decryption code, which users can obtain by sending certain payment information to a Gmail address.
In every case of malware and ransomware, not just the coronavirus-themed ones, the best offense is a good defense. Antivirus tools constantly scan files for potential threats, quarantine malicious programs before they can become threats and fight active attacks faster and more effectively than a user can. Users should install comprehensive antivirus software from a trusted source to keep their devices protected from all types of threats, to the end of the pandemic and beyond.
COVID Malicious Websites
As pandemic lockdowns kept populations at home, they also drove them online — often searching the web for information about the virus. Cybercriminals recognized this trend and built websites to capture that web traffic and profit from it. Most commonly, malicious websites claim to have various solutions for those afraid of and suffering from the novel coronavirus.
Perhaps the best examples, and perhaps the most successful malicious sites, are two major websites, antivirus-covid19[.]site and corona-antivirus[.]com, that have been created by bad actors interested in infecting users’ devices with dangerous malware. First, the websites offer an app named Corona Antivirus, billed as developed by Harvard University. Unfortunately, once users download the app, their device is infected with a remote-access Trojan (RAT) malware that adds the device to a botnet used to launch DDoS attacks. Additionally, the malware can log keystrokes, take screenshots, steal cryptocurrency wallets and perform other dangerous actions. Next, the websites supposedly sell WHO-approved vaccine kits — though no such kits currently exist. The website charges only $4.95 for shipping but undoubtedly steals users’ credit card information when these details are entered.
Other malicious websites include one imitating a U.K. government site that collects personal information and bank account credentials, and a few pretending to offer free streaming media but instead phishing account login information from users.
It can be difficult for users to differentiate between a legitimate website and one designed to harvest information or spread malware. Here are a few bad signs that a site doesn’t have good intentions:
The URL is shady. Legitimate sites will always start with “https://” — that “s” stands for secure, indicating that the site uses encryption processes to transfer data, and legit sites also tend to have more common domain suffixes, like “.org,” “.com,” “.gov” and the like. A scam site could have typos, numerals, odd punctuation and other strange elements in the URL.
The site is empty. Users should be able to navigate to many different pages on the website, including about pages, contact pages, blog posts and more. If a website is little more than a homepage, it probably isn’t trustworthy.
The site is riddled with errors. Spelling and grammar mistakes, broken images, missing links and other errors are good indications that the web developers aren’t sinking much time into the site, likely because the site is a fraudulent one.
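The URL signs above can be checked mechanically before a link is opened. The following Python sketch is an added example, not part of the original article: the function names, the suffix set and the `EXPECTED_NAMES` list are assumptions made for illustration, and the flags are prompts for a closer look rather than a verdict (an “https://” prefix does not clear a host on its own, as the second sample shows).

```python
from difflib import get_close_matches
from urllib.parse import urlsplit

# Suffixes the article names as common; "and the like" is left to the reader to extend.
COMMON_SUFFIXES = {"org", "com", "gov"}
# Hypothetical list of names a user expects to visit, used to spot typo lookalikes.
EXPECTED_NAMES = ["netflix", "harvard"]


def refang(url):
    """Undo the defanged notation used in write-ups, e.g. example[.]com."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def url_red_flags(url):
    """Return the article's URL warning signs that apply to `url`, in a fixed order."""
    url = refang(url.strip())
    if "://" not in url:
        url = "//" + url  # bare host: parse it, but make no claim about its scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = [label for label in host.split(".") if label]
    flags = []
    if parts.scheme and parts.scheme != "https":
        flags.append("no-https")
    if not labels or labels[-1] not in COMMON_SUFFIXES:
        flags.append("uncommon-suffix")
    if any(ch.isdigit() for ch in host):
        flags.append("numerals-in-host")
    if "-" in host or "@" in parts.netloc:
        flags.append("odd-punctuation")
    for label in labels:
        if label in EXPECTED_NAMES:
            continue
        match = get_close_matches(label, EXPECTED_NAMES, n=1, cutoff=0.8)
        if match:
            flags.append("lookalike:" + match[0])
    return flags


if __name__ == "__main__":
    # The first two hosts are the ones named in the article; the rest are constructed.
    for sample in ("antivirus-covid19[.]site", "https://corona-antivirus[.]com",
                   "http://example.org", "https://netfl1x.example/free"):
        print(sample, "->", url_red_flags(sample) or "no flags")
```

Hyphens and digits also appear in plenty of legitimate hostnames, so a single flag is weak evidence; several flags together, or a lookalike match, are the stronger signal.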
COVID Social Phishing
The pandemic increased the average amount of time users spent on social media sites by about 10 minutes per day, which meant radically more social media messages, links, photos and more. Cybercriminals took advantage of the increase in social media activity as well as widespread fear and uncertainty about COVID to launch social media phishing campaigns with pandemic themes. For example, some messages sent to social media users claimed to offer a few free months of subscription media services like Netflix only to send users to malicious websites that harvested data or installed malware. Other messages might claim to have the latest news about COVID-19 or alternative treatments for COVID patients.
As with malicious emails and websites, users need to carefully examine the messages they receive on social media. Messages from strangers should always be suspect, and users should always refrain from clicking links sent in social media messages. Independently searching for information on any news or offers contained in social media messages can provide insight into whether the messages are ongoing scams.
COVID-19 is a threat to one’s health, and it is also a threat to one’s devices and data. When users have more information about coronavirus-related digital threats, they can take appropriate action to keep themselves safe.